Journal of Computer Applications, 2012, Vol. 32, Issue (05): 1397-1399.

• Information security •

Abnormal traffic identification algorithm based on a K-layer feature model

ZHENG Jian-zhong1, ZHENG Jian-rong2

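  1. Yinchuan East Transportation Equipment Limited Corporation, Yinchuan 750011
  2. Educational Administration Branch, Pingluo Vocational Education Center of Ningxia, Pingluo, Ningxia 753400
  • Received: 2011-11-04 Revised: 2012-01-10 Online: 2012-05-01 Published: 2012-05-01
  • Corresponding author: ZHENG Jian-zhong
  • About the authors: ZHENG Jian-zhong (1974-), male, born in Shizuishan, Ningxia, engineer, M.S., main research interests: network and data information security; ZHENG Jian-rong (1963-), male, born in Shizuishan, Ningxia, first-grade secondary school teacher, main research interest: computer network security.
  • Supported by: Project of the National Information Security Management Center (2006C27)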

Algorithm of abnormal flow identification based on dynamic K-layer features model

ZHENG Jian-zhong1, ZHENG Jian-rong2

  1. Yinchuan East Transportation Equipment Limited Corporation, Yinchuan Ningxia 750001, China
  2. Educational Administration Branch, Pingluo Vocational Education Center of Ningxia, Pingluo Ningxia 753400, China
  • Received:2011-11-04 Revised:2012-01-10 Online:2012-05-01 Published:2012-05-01
  • Contact: ZHENG Jian-zhong

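Abstract: To address the problem of identifying massive volumes of data in a NetFlow data-stream environment, an abnormal traffic identification algorithm based on a K-layer feature model is proposed. Using a priority strategy, the index tables are opened in turn, the abnormal behaviors are read and matched entry by entry against the feature values of abnormal behaviors; a successful match is marked and the type of abnormal behavior is determined. Experimental results show that the algorithm identifies abnormal data flows quickly and effectively, improves the timeliness of massive-data identification, effectively solves the network security problem, and meets the design goals.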

Keywords: abnormal traffic, traffic analysis, anomaly detection, feature model, NetFlow

Abstract: This paper addresses how to identify massive volumes of data in a NetFlow environment. It proposes an abnormal flow identification algorithm based on a dynamic K-layer feature model. With a priority strategy, the index table is opened, the abnormal behaviors are read, and they are matched against the eigenvalues one by one. When a match succeeds, it is marked and the type of abnormal behavior is determined. The experimental results show that the algorithm identifies abnormal flows quickly and efficiently. It improves the efficiency of identification, solves network security problems, and achieves the design goals.

Key words: abnormal flow, flow analysis, abnormal detection, feature pattern, NetFlow
